diff options
| author | thomascube <thomas@roundcube.net> | 2011-09-05 08:39:52 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2011-09-05 08:39:52 +0000 |
| commit | c170bfc92f48dea0dc009916251acf730b1d885f (patch) | |
| tree | d02af8a255663f025c436979b11c6608b62ba8b5 /config | |
| parent | 94a5a24fc2a8040b22d4012773ebb6879957cfdf (diff) | |
Protect from Clickjacking by sending X-Frame-Options headers (#1487037)
Diffstat (limited to 'config')
| -rw-r--r-- | config/main.inc.php.dist | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index 822c6e63a..30268e079 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -237,6 +237,10 @@ $rcmail_config['ip_check'] = false; // check referer of incoming requests $rcmail_config['referer_check'] = false; +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_confoig['x_frame_options'] = 'sameorigin'; + // this key is used to encrypt the users imap password which is stored // in the session record (and the client cookie if remember password is enabled). // please provide a string of exactly 24 chars. |